UTD CS 4398 - Validation and Recovering Graphic Files and Steganography

This preview shows page 1-2-3-23-24-25-26-46-47-48 out of 48 pages.


Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Validation and Recovering Graphic Files and Steganography
October 5, 2011

Outline

Topics for Lecture
- What data to collect and analyze
- Validating forensics data
- Data hiding techniques
- Remote acquisitions
- Recovering Graphic files
- Data compression
- Locating and recovering graphic files
- Steganography and Steganalysis
- http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm

What data to collect and analyze

- Depends on the type of investigation
- Email investigation will involve network logs, email server backups
- Industrial espionage may include collecting information from cameras, keystrokes
- Scope creep: Investigation extends beyond the original description due to unexpected evidence

Validating forensic data

- Validating with hexadecimal editors
  - Provides support such as hashing files and sectors
- Discriminating functions
  - Selecting suspicious data from normal data
- Validating with forensics programs
  - Use message digests, hash values

Data Hiding

- Data hiding is about changing or manipulating a file to conceal information
- Hiding partitions: Create a partition and use a disk editor to delete the reference to it, then recreate the links to find the partition
- Marking bad clusters: Placing sensitive or incriminating data in free space; use disk editors to mark good clusters as bad clusters
- Bit shifting: Change bit patterns or alter byte values
- Using Steganography to hide data (Lecture 13)
- Encrypt files to prevent access
- Recover passwords using password recovery tools

Remote Acquisitions

- Tools are available for acquiring data remotely
  - E.g., Diskexplorer for FAT
  - Diskexplorer for NTFS
- Steps to follow
  - Prepare the tool for remote acquisition
  - Make remote connection
  - Acquire the data

Recovering Graphic Files

- What are graphic files
  - Bitmaps and Raster images
  - Vector graphics
  - Metafile graphics
- Graphics file formats
  - Standards and Specialized
- Digital camera file formats
  - Raw and Image file format

Data Compression

- Lossless compression
  - Reduce file size without removing data
- Lossy compression
  - Reduces file size but some bits are removed
  - JPEG
- Techniques are taught in Image processing courses

Locating and Recovering Graphic Files

- Identify the graphic file fragments
  - If the file is fragmented, need to recover all the fragments (carving or salvaging)
- Repair damaged headers
  - If header data is partially overwritten, need to figure out what the missing pieces are
- Procedures also exist for recovering digital photograph evidence
- Steps to follow
  - Identify file
  - Recover damaged headers
  - Reconstruct file fragments
  - Conduct exam

Steganography: Outline

- Steganography
- Null Ciphers
- Digital Image and Audio
- Digital Carrier Methods
- Detecting Steganography
- Tools
- Reference: http://www.fbi.gov/hq/lab/fsc/backissu/july2004/research/2004_03_research01.htm

Steganography

Steganography is the art of covered or hidden writing. The purpose of steganography is covert communication to hide a message from a third party. This differs from cryptography, the art of secret writing, which is intended to make a message unreadable by a third party but does not hide the existence of the secret communication.

Although steganography is separate and distinct from cryptography, there are many analogies between the two, and some authors categorize steganography as a form of cryptography since hidden communication is a form of secret writing. We will treat steganography as a separate field.

Steganography - II

Steganography hides the covert message but not the fact that two parties are communicating with each other. The steganography process generally involves placing a hidden message in some transport medium, called the carrier. The secret message is embedded in the carrier to form the steganography medium. The use of a steganography key may be employed for encryption of the hidden message and/or for randomization in the steganography scheme. In summary:
- steganography_medium = hidden_message + carrier + steganography_key

Taxonomy

Technical steganography uses scientific methods to hide a message, such as the use of invisible ink or microdots and other size-reduction methods.

Linguistic steganography hides the message in the carrier in some nonobvious ways and is further categorized as semagrams or open codes.

Semagrams hide information by the use of symbols or signs.
- A visual semagram uses innocent-looking or everyday physical objects to convey a message, such as doodles or the positioning of items on a desk or Website.
- A text semagram hides a message by modifying the appearance of the carrier text, such as subtle changes in font size or type, adding extra spaces, or different flourishes in letters or handwritten text.

Taxonomy

Open codes hide a message in a legitimate carrier message in ways that are not obvious to an unsuspecting observer. The carrier message is sometimes called the overt communication, whereas the hidden message is the covert communication. This category is subdivided into jargon codes and covered ciphers.

Jargon code uses language that is understood by a group of people but is meaningless to others. Jargon codes include warchalking (symbols used to indicate the presence and type of wireless network signal), underground terminology, or an innocent conversation that conveys special meaning because of facts known only to the speakers. A subset of jargon codes is cue codes, where certain prearranged phrases convey meaning.

Taxonomy

Covered or concealment ciphers hide a message openly in the carrier medium so that it can be recovered by anyone who knows the secret for how it was concealed. A grille cipher employs a template that is used to cover the carrier message. The words that appear in the openings of the template are the hidden message. A null cipher hides
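
An added example, not part of the lecture, for the "Repair damaged headers" step under "Locating and Recovering Graphic Files" combined with the hash validation from "Validating forensic data": it locates JFIF files in raw bytes by the identifier that survives six bytes into the file, rebuilds overwritten marker bytes in a copy, and hashes both the bytes as found and the recovered file. It assumes contiguous (unfragmented) files and that the first FF D9 after the identifier ends the image; `carve_jfif` and `sample_image` are hypothetical names and the sample bytes are constructed.

```python
import hashlib

SOI_APP0 = b"\xff\xd8\xff\xe0"  # start-of-image marker + JFIF APP0 marker
JFIF_ID = b"JFIF\x00"           # identifier found 6 bytes into a JFIF file
EOI = b"\xff\xd9"               # end-of-image marker


def carve_jfif(raw: bytes) -> list:
    """Carve contiguous JFIF files, rebuilding overwritten marker bytes.

    The evidence buffer is never modified; each hit records a hash of the
    bytes as found and a hash of the recovered file.
    """
    hits = []
    pos = raw.find(JFIF_ID)
    while pos != -1:
        start = pos - 6
        end = raw.find(EOI, pos)  # assumption: first FF D9 ends the image
        if start < 0 or end == -1:
            pos = raw.find(JFIF_ID, pos + 1)
            continue
        as_found = raw[start:end + 2]
        repaired = as_found[:4] != SOI_APP0
        # Only the four marker bytes are rebuilt; the APP0 length is kept.
        data = SOI_APP0 + as_found[4:] if repaired else as_found
        hits.append({
            "offset": start,
            "header_repaired": repaired,
            "source_sha256": hashlib.sha256(as_found).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "data": data,
        })
        pos = raw.find(JFIF_ID, end + 2)
    return hits


def sample_image() -> bytes:
    """Constructed sample: slack, an intact JFIF file, a damaged copy."""
    body = b"\x00\x10" + JFIF_ID + b"\x01\x01" + b"\x11" * 8 + EOI
    intact = SOI_APP0 + body
    damaged = b"zapp" + body  # first four bytes overwritten
    return b"\x00" * 16 + intact + b"\xaa" * 5 + damaged + b"\x00" * 7


if __name__ == "__main__":
    for hit in carve_jfif(sample_image()):
        print(hit["offset"], hit["header_repaired"], hit["sha256"][:16])
```

Recording `source_sha256` alongside `sha256` lets an examiner show which bytes came from the evidence and which were reconstructed.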

